<?php

//-----------------------------------------------------------------------------
//
// Copyright (C) 2003-2005 Oy Realnode Ab
//
//-----------------------------------------------------------------------------
//
// group_management.php
//     Part of the Emilda Project (http://www.emilda.org/)
//
// Description
//     Group Management.
//
// Authors
//     Christoffer Landtman <landtman (at) realnode com>
//     Erik Berglund <berglund (at) realnode com>
//     Mattias Nordstrom <nordstrom (at) realnode com>
//
//-----------------------------------------------------------------------------
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
//
//-----------------------------------------------------------------------------
//
// $Id: group_management.php,v 1.54.2.2 2005/05/02 12:30:28 mnordstr Exp $
//
//-----------------------------------------------------------------------------

// Id used to identify this page within functions.
// NOTE(review): assigned before the includes below, presumably so that the
// shared include files can read it while they load; confirm before reordering.
$PageID = "GROUP_MANAGEMENT";

require_once "common.inc";

require_once "config.inc";
require_once "constants.inc";
require_once "db.inc";
require_once "error.inc";
require_once "layout.inc";
require_once "mgmnt.inc";
require_once "language.inc";
require_once "MARC.inc";
require_once "search.inc";

// Start the page layout. Every request handler below runs after this call,
// so their status titles and error messages are emitted inside the page.
layout_header();

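// Delete a user account. Only an ADMIN may do this, never on their own
// account and never while the target still has borrowed items.
//
// is_numeric() keeps quotes and SQL keywords out of the id that is placed in
// the DELETE statements, but it is looser than "decimal integer": it also
// admits floats and exponent notation.
//
// NOTE(review): the action is read from $_REQUEST, so a plain GET link
// triggers it (del_user() further down builds exactly such a link). Nothing
// visible in this file binds the request to a per-form token; confirm what
// the id/auth parameters guarantee.
if(isset($_REQUEST['delete_id']) && is_numeric($_REQUEST['delete_id']))
{
	$ids = borrowed_books_of_user($_REQUEST['delete_id']);

	if($_REQUEST['delete_id'] == USER_ID || !empty($ids))
	{
		// Refuse, and keep the DELETEs below out of reach. Nothing in this file
		// shows that error() ends the request (the group-delete handler calls
		// exit explicitly after it), so the refusal must not fall through.
		error("session violation");
	}
	elseif(!check_priv("ADMIN"))
	{
		error("session violation");
	}
	else
	{
		sql_query("DELETE FROM linkage WHERE user_id=" . $_REQUEST['delete_id']);
		sql_query("DELETE FROM users WHERE user_id=" . $_REQUEST['delete_id']);

		// mysql_affected_rows() describes the users DELETE only and returns -1
		// when that query failed; -1 is truthy, so test for "> 0" explicitly.
		if(mysql_affected_rows() > 0)
		{
			// Logging
			writeLog("User deleted: " . $_REQUEST['delete_id']);
			layout_page_title(_("User Deleted"), 'ok');
		}
		else
		{
			layout_page_title(_("Delete Failed"), 'error');
		}
	}
}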

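// Delete a group together with its membership rows. Group managers only.
//
// NOTE(review): like the other handlers this reads $_REQUEST, so the delete
// is reachable through a GET link (del_group() further down builds one).
if(isset($_REQUEST['delete_group']))
{
	// The id is concatenated into two DELETE statements below, so it has to
	// be validated before anything else touches it. The other handlers in this
	// file gate their ids with is_numeric(); this one did not.
	if(!is_numeric($_REQUEST['delete_group']))
	{
		error("url dismatch");
		exit;
	}

	if(!is_group_manager($_REQUEST['delete_group']))
	{
		error("session violation");
		exit;
	}

	sql_query("DELETE FROM groups WHERE group_id=".$_REQUEST['delete_group']);
	sql_query("DELETE FROM linkage WHERE group_id=".$_REQUEST['delete_group']);

	// mysql_affected_rows() describes the linkage DELETE (the last query) and
	// returns -1 on failure; -1 is truthy, so compare against zero explicitly.
	if(mysql_affected_rows() > 0) {
		layout_page_title(_("Group Deleted"), 'ok');
		// Logging
		writeLog("Group deleted: ".$_REQUEST["delete_group"]);
	} else {
		layout_page_title(_("Delete Failed"), 'error');
	}
}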

// Attach a user to a group as a plain member (not a manager, visible, without
// the view-borrowed right). Both ids must pass is_numeric() before they are
// placed in the INSERT, and attaching_allowed() decides whether the caller
// may link this user to this group.
if(isset($_REQUEST['attach_id']) && is_numeric($_REQUEST['attach_id']))
{
	if(!isset($_REQUEST['group_id']) || !is_numeric($_REQUEST['group_id']))
	{
		// attach_id without a usable group_id
		error("url dismatch");
	}
	elseif(!attaching_allowed($_REQUEST['attach_id'], $_REQUEST['group_id']))
	{
		error("session violation");
	}
	else
	{
		sql_query(	"INSERT INTO linkage SET
							user_id=".$_REQUEST['attach_id'].",
							group_id=".$_REQUEST['group_id'].",
							group_manager=0,
							visible=1,
							view_borrowed=0");

		if(!mysql_affected_rows())
		{
			print layout_page_title(_("Attach Failed"), 'error');
		}
		else
		{
			// Logging
			writeLog("User ".$_REQUEST["attach_id"]." attached to group ".$_REQUEST["group_id"]);
			print layout_page_title(_("User Attached"), 'ok');
		}
	}
}

// Detach a user from a group by removing the matching linkage row.
// Both ids must pass is_numeric() before they are placed in the DELETE.
//
// NOTE(review): the permission check is my_subordinate() on the user only;
// whether it also takes the posted group_id into account is not visible in
// this file. Confirm that a manager cannot detach members of groups they do
// not manage.
if(isset($_REQUEST['detach_id']) && is_numeric($_REQUEST['detach_id']))
{
	if(!isset($_REQUEST['group_id']) || !is_numeric($_REQUEST['group_id']))
	{
		// detach_id without a usable group_id
		error("url dismatch");
	}
	elseif(!my_subordinate($_REQUEST['detach_id']))
	{
		error("session violation");
	}
	else
	{
		sql_query(	"DELETE FROM linkage
							WHERE user_id=".$_REQUEST['detach_id']."
							AND group_id=".$_REQUEST['group_id']);

		if(!mysql_affected_rows())
		{
			print layout_page_title(_("Detach Failed"), 'error');
		}
		else
		{
			// Logging
			writeLog("User ".$_REQUEST["detach_id"]." detached from group ".$_REQUEST["group_id"]);
			print layout_page_title(_("User Detached"), 'ok');
		}
	}
}

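// Update a group: its name, description, the group-wide "show borrowed items"
// switch and the per-member flags posted by the edit form. Group managers only.
//
// NOTE(review): the members to update are taken from the names of the posted
// user_id_<n> fields. The edit form only offers the group_manager_,
// view_borrowed_ and visible_ checkboxes after my_subordinate(),
// can_be_group_manager() and view_borrowed_allowed() checks, but none of those
// checks is repeated here, so that restriction currently lives in the form
// alone. Enforcing it server-side needs the semantics of those helpers.
if(isset($_REQUEST['update']) && isset($_REQUEST['group_id']) && is_numeric($_REQUEST['group_id']))
{
	if(is_group_manager($_REQUEST['group_id']))
	{
		if(isset($_REQUEST['group_name']) && is_string($_REQUEST['group_name'])
			&& isset($_REQUEST['group_description']) && is_string($_REQUEST['group_description']))
		{
			if(isset($_REQUEST['group_view_borrowed']) && $_REQUEST['group_view_borrowed'] == "on")
				$group_view_borrowed = 1;
			else
				$group_view_borrowed = 0;

			// Switching the group-wide setting off revokes the right from every member.
			if($group_view_borrowed == 0)
				sql_query("UPDATE linkage SET view_borrowed=0 WHERE group_id=".$_REQUEST['group_id']);

			// Name and description are free text that ends up inside quoted SQL
			// literals, so they are escaped with the driver's own function.
			// Slashes added by magic_quotes_gpc are removed first so the text is
			// escaped exactly once.
			// NOTE(review): if common.inc already escapes request input by other
			// means, align the two to avoid storing doubled backslashes.
			$new_group_name = $_REQUEST['group_name'];
			$new_group_description = $_REQUEST['group_description'];
			if(get_magic_quotes_gpc())
			{
				$new_group_name = stripslashes($new_group_name);
				$new_group_description = stripslashes($new_group_description);
			}

			$res = sql_query("UPDATE groups
						SET group_name='".mysql_real_escape_string($new_group_name)."',
						group_description='".mysql_real_escape_string($new_group_description)."',
						group_view_borrowed=".$group_view_borrowed."
						WHERE group_id=".$_REQUEST['group_id']);

			// The member updates run only when the group fields were present: they
			// depend on $group_view_borrowed, which is undefined otherwise.
			foreach($_REQUEST as $key => $value)
			{
				// The user id is read from the field NAME and then placed in SQL,
				// so only names of the exact form user_id_<digits> are accepted.
				if(!preg_match('/^user_id_([0-9]+)$/D', $key, $key_parts))
					continue;

				$current_user_id = $key_parts[1];

				if($current_user_id != USER_ID) {
					$group_manager = 0;
					$view_borrowed = 0;
					$visible = 0;
				} else {
					// As visible is the only entity that an ADMIN can change of the personal settings,
					// other entities need to be stored, and only visible managed.
					$row = mysql_fetch_array(sql_query("SELECT * FROM linkage WHERE user_id=".USER_ID." AND group_id=".$_REQUEST['group_id'].""));
					// Cast so a missing row yields 0 instead of an empty SQL fragment.
					$group_manager = (int) $row['group_manager'];
					$view_borrowed = (int) $row['view_borrowed'];
					$visible = 0;
				}

				if(array_key_exists("group_manager_".$current_user_id, $_REQUEST) && $_REQUEST["group_manager_".$current_user_id]) {
					$group_manager = 1;
				}

				if(array_key_exists("view_borrowed_".$current_user_id, $_REQUEST) && $_REQUEST["view_borrowed_".$current_user_id] && $group_view_borrowed) {
					$view_borrowed = 1;
				}

				if(array_key_exists("visible_".$current_user_id, $_REQUEST) && $_REQUEST["visible_".$current_user_id]) {
					$visible = 1;
				}

				// Only an ADMIN may change the visible flag; a POWER user updates the
				// other two flags; anyone else changes nothing per member.
				if(check_priv("ADMIN")) {
					sql_query("UPDATE linkage SET group_manager=".$group_manager.", view_borrowed=".$view_borrowed.", visible=".$visible." WHERE user_id=".$current_user_id." AND group_id=".$_REQUEST['group_id']);
				} elseif(check_priv("POWER")) {
					sql_query("UPDATE linkage SET group_manager=".$group_manager.", view_borrowed=".$view_borrowed." WHERE user_id=".$current_user_id." AND group_id=".$_REQUEST['group_id']);
				}
			}

			// Reflects the last query only; -1 means that query failed.
			if(mysql_affected_rows() != -1) {
				// Logging. Line breaks are flattened so the request value cannot
				// start a new line in the log.
				writeLog("Group updated: ".str_replace(array("\r", "\n"), " ", $_REQUEST["group_name"]));
				layout_page_title(_("Group Updated"), 'ok');
			} else {
				layout_page_title(_("Update Failed"), 'error');
			}
		}
		else {
			error("url dismatch");
		}

		// Keep the edited group expanded when the list is rendered below.
		$_REQUEST[$_REQUEST['group_id']] = 'expand';
	}
	else
	{
		error("session violation");
	}
}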


if(!isset($_REQUEST['edit_id']) || is_numeric($_REQUEST['edit_id']))
{
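	// Id of the group shown in edit mode, or "" when every group is shown read-only.
	if(isset($_REQUEST['edit_id']) && is_numeric($_REQUEST['edit_id']))
		$edit_id = $_REQUEST['edit_id'];
	else
		$edit_id = "";

	// The id/auth request values are written into JavaScript string literals
	// below. They are URL-encoded first: that is the correct encoding for a
	// query-string value, and its output contains no quote, angle bracket or
	// backslash, so the request value cannot end the string or the script block.
	$req_id_url = (isset($_REQUEST['id']) && is_string($_REQUEST['id'])) ? urlencode($_REQUEST['id']) : "";
	$req_auth_url = (isset($_REQUEST['auth']) && is_string($_REQUEST['auth'])) ? urlencode($_REQUEST['auth']) : "";
	?>

	<script language='JavaScript'>

	function detach_user(delid, group_id, real_name)
	{
		var msg = "<?php echo umlaut_str(_("Are you sure you want to detach the following user:")) ?> " + real_name + "?";

		if (confirm(msg))
		    window.location="group_management.php?id=<?php echo $req_id_url ?>&auth=<?php echo $req_auth_url ?>&" + group_id + "=expand&detach_id=" + delid + "&group_id=" + group_id;
	}

	function del_group(delid, group_name, group_description)
	{
		var msg = "<?php echo umlaut_str(_("Are you sure you want to delete the following group:")) ?> '" + group_name + " - " + group_description + "'?";

		if (confirm(msg))
		    window.location="group_management.php?id=<?php echo $req_id_url ?>&auth=<?php echo $req_auth_url ?>&delete_group=" + delid;
	}

	function del_user(delid, real_name)
	{
		var msg = "<?php echo umlaut_str(_("Are you sure you want to delete the following user:")) ?> " + real_name + "?";

		if (confirm(msg))
		    window.location="group_management.php?id=<?php echo $req_id_url ?>&auth=<?php echo $req_auth_url ?>&delete_id=" + delid + "&all";
	}

	</script>

	<?php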

	layout_page_title();

	// Default sort settings when the request names none.
	// NOTE(review): nothing later in this file reads order_by/order_dir; if an
	// include consumes them, they must be checked against a fixed list of
	// column names before reaching an ORDER BY clause.
	if(empty($_REQUEST['order_by']))
	{
		$_REQUEST['order_dir'] = "ASC";
		$_REQUEST['order_by'] = "user_surname";
	}

	// Groups the current user manages, limited to groups at the user's own
	// location or memberships marked visible. USER_ID and USER_LOCATION are
	// constants defined outside this file.
	$grp_sql = "SELECT *
								FROM linkage, groups
								WHERE groups.group_id=linkage.group_id
								AND linkage.user_id=".USER_ID."
								AND linkage.group_manager=1
								AND (groups.group_location_id=".USER_LOCATION."
									OR linkage.visible=1)
								ORDER BY groups.group_name ASC";
	$grp_result = sql_query($grp_sql);

	$count = 0; //for distinguishing forms
	while($row = mysql_fetch_array($grp_result))
	{
		$count++;
		$group_id = $row['group_id'];
		
		if($row['group_id'] != $edit_id)
		{
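			// Read-only view of one managed group: summary table plus a child table
			// for its members (filled by the loop that follows).
			// NOTE(review): group_name and group_description are handed to Table
			// unescaped; whether Table escapes cell text is not visible here.
			$my_table =& new Table($row['group_name']);

			// id/auth come from the request and are written into the button URLs.
			// urlencode() is the right encoding for a query value and leaves no
			// quote or angle bracket that could end the surrounding attribute.
			$req_id_url = (isset($_REQUEST['id']) && is_string($_REQUEST['id'])) ? urlencode($_REQUEST['id']) : "";
			$req_auth_url = (isset($_REQUEST['auth']) && is_string($_REQUEST['auth'])) ? urlencode($_REQUEST['auth']) : "";

			// The stored group texts become JavaScript string arguments inside an
			// HTML attribute, so they are escaped for both layers: addslashes() for
			// the JS literal, then htmlspecialchars() for the attribute. The charset
			// is named explicitly so that only the ASCII markup characters are
			// rewritten, whatever encoding the stored text uses.
			$js_group_name = htmlspecialchars(addslashes($row['group_name']), ENT_QUOTES, 'ISO-8859-1');
			$js_group_description = htmlspecialchars(addslashes($row['group_description']), ENT_QUOTES, 'ISO-8859-1');

			$my_table->set_footer(
				'<input type="button" class="button" name="edit" value="' . _("Edit") . '" onClick="window.location=\'group_management.php?id=' . $req_id_url . '&auth=' . $req_auth_url . '&edit_id=' . $row['group_id'] . '\'" />' .
				'&nbsp;&nbsp;' .
				'<input type="button" class="button" name="delete" value="' . _("Delete") . '" onClick="del_group(' . $row['group_id'] . ', \'' . $js_group_name . '\', \'' . $js_group_description . '\')" />'
			);

			$my_table->add_row(_("Description") . ":", $row['group_description']);

			$content = array();
			// Remembered now because the member loop below reuses $row.
			$current_group_view_borrowed_restriction = $row['group_view_borrowed'];

			// Only an ADMIN also sees members whose linkage is not marked visible.
			$show_only_visible = "AND linkage.visible=1";
			if(check_priv("ADMIN")) {
				$show_only_visible = "";
			}

			$u_res = sql_query(	"SELECT users.user_card_number, users.user_given_names, users.user_surname, users.user_id, linkage.view_borrowed, linkage.group_manager, linkage.visible
									FROM linkage, users
									WHERE users.user_id=linkage.user_id
									AND linkage.group_id=".$row['group_id']."
									".$show_only_visible."
									ORDER BY linkage.visible DESC, linkage.group_manager DESC, users.user_surname ASC"
									);

			// Collect the member rows and, separately, the managers' display names.
			$user_rows = array();
			$group_managers = array();

			while($u_row = mysql_fetch_array($u_res))
			{
				if($u_row['group_manager'] == 1)
					array_push($group_managers, format_user_real_name($u_row));

				array_push($user_rows, $u_row);
			}

			if(isset($row['group_view_borrowed']) && $row['group_view_borrowed'] == 0) {
				$view_borrowed_restriction = "<font class='red'>" . _("No") . "</font>";
			} else {
				$view_borrowed_restriction = _("Yes");
			}

			$my_table->add_row(_("Users") . ":", mysql_num_rows($u_res));
			$my_table->add_row(_("Group Managers") . ":", join(", ",$group_managers));
			$my_table->add_row(_("Show Borrowed Items") . ":", $view_borrowed_restriction);

			// The "Visible" column is labelled for ADMINs only.
			if(check_priv("ADMIN")) {
				$visible_header = "<b>" . _("Visible") . "</b>";
			} else {
				$visible_header = "&nbsp;";
			}

			$child_table =& new Table(	"<b>" . _("Type") . "</b>",
										"<b>" . _("Username") . "</b>",
										"<b>" . _("Task") . "</b>",
										"<b>" . _("Can See Borrowed") . "</b>",
										$visible_header);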

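			// id/auth come from the request and are written into every icon URL
			// below. urlencode() is the correct encoding for a query value and its
			// output cannot close a quoted attribute or script string.
			$req_id_url = (isset($_REQUEST['id']) && is_string($_REQUEST['id'])) ? urlencode($_REQUEST['id']) : "";
			$req_auth_url = (isset($_REQUEST['auth']) && is_string($_REQUEST['auth'])) ? urlencode($_REQUEST['auth']) : "";

			// One child-table row per member. Note that $row is reused here and no
			// longer holds the group record after this loop.
			foreach ($user_rows as $row)
			{
				$group_task = "<font class='gray'>" . _("None") . "</font>";
				$view_borrowed = "<font class='red'>" . _("No") . "</font>";

				if(check_priv("ADMIN"))
				{
					$visible = "<font class='red'>" . _("No") . "</font>";
					if($row['visible'] == 1) {
						$visible = "<font class='green'>" . _("Yes") . "</font>";
					}
				} else {
					$visible = "&nbsp;";
				}

				// Privilege level of the listed member, not of the viewer.
				if(check_priv("ADMIN", $row['user_id'])) {
					$type = "<font class='red'>ADMIN</font>";
				} elseif(check_priv("POWER", $row['user_id'])) {
					$type = "<font class='green'>POWER</font>";
				} else {
					$type = "NORMAL";
				}

				if($row['group_manager'] == 1) {
					$group_task = "<font class='green'>" . _("Group Manager") . "</font>";
				}

				if($row['view_borrowed'] == 1) {
					$view_borrowed = "<font class='green'>" . _("Yes") . "</font>";
				}

				$my_row =& $child_table->add_row($type, format_user_real_name($row), $group_task, $view_borrowed, $visible);

				if($row['user_id'] != USER_ID && my_subordinate($row['user_id']))
				{
					$my_row->add_icon('icon_edit.png', "management.php?id=" . $req_id_url . "&auth=" . $req_auth_url . "&user_id=" . $row['user_id']);
					// NOTE(review): the member's display name is placed inside a quoted
					// JavaScript string. What format_user_real_name() and add_icon()
					// escape is not visible in this file; confirm that a quote in a
					// stored name cannot end the string.
					$my_row->add_icon('icon_delete.png', 'javascript:detach_user(' . $row['user_id'] . ', ' . $group_id . ', \'' . format_user_real_name($row) . '\')');
				}

				if(can_view_borrowed($row['user_id']) && $row['user_id'] != USER_ID)
				{
					$url = "view_borrowed_books.php?id=".$req_id_url."&auth=".$req_auth_url."&user_card_number=".$row['user_card_number']."&stage=2";
			
					// A red icon marks members with expired loans.
					if(!has_expired_books($row['user_id'])) {
						$my_row->add_icon('icon_view_borrowed.png', $url);
					} else {
						$my_icon =& $my_row->add_icon('icon_view_borrowed_red.png', $url);
						$my_icon->set_column('icon_view_borrowed.png');
					}
				}

				if(my_subordinate($row['user_id']) && $row['user_id'] != USER_ID)
				{
					$my_row->add_icon('icon_user_move.png', "user_move.php?id=".$req_id_url."&auth=".$req_auth_url."&stage=2&user_id=".$row['user_card_number']);
				}
			}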

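			// id/auth come from the request and are written into javascript: links
			// below, inside both an HTML attribute and a JS string. urlencode()
			// output contains no quote or angle bracket, so it is safe in both.
			$req_id_url = (isset($_REQUEST['id']) && is_string($_REQUEST['id'])) ? urlencode($_REQUEST['id']) : "";
			$req_auth_url = (isset($_REQUEST['auth']) && is_string($_REQUEST['auth'])) ? urlencode($_REQUEST['auth']) : "";

			// user-list button
			$browser_user_list = "<a href='javascript: user_list_window = new_window(\"pdf.php?id=".$req_id_url."&auth=".$req_auth_url."&page=user_list&group_id=".$group_id."&mode=view\", \"Userlist\", 800, 600); user_list_window.focus();' class='no-underline'>"
										. layout_insertImg('icon_print.png', '', '', '', '', 'absbottom') . "&nbsp;" . _("User List") .
										"</a>";

			//Print-borrowed-books button, offered only when the group allows it
			if($current_group_view_borrowed_restriction)
			{
				// Button to view borrowed in browser
				$print_view_borrowed = "<a href='javascript: view_borrowed_window = new_window(\"pdf.php?id=".$req_id_url."&auth=".$req_auth_url."&page=view_borrowed&group_id=".$group_id."&mode=view\", \"Borrowed\", 800, 600); view_borrowed_window.focus();' class='no-underline'>"
											. layout_insertImg('icon_view_borrowed.png', '', '', '', '', 'absbottom') . "&nbsp;" . _("Borrowed Items") .
											"</a>";
			}
			else {
				$print_view_borrowed = "";
			}

			// Wrap the existing footer (Edit/Delete buttons) together with the two
			// links. The row is now closed with </tr>; it was left open before.
			$my_table->set_footer(
				"<table border='0' width='100%'>
					<tr>
						<td nowrap='nowrap'>
							$browser_user_list
							&nbsp;&nbsp;
							$print_view_borrowed
						</td>
						<td align='right'>" . $my_table->get_footer() . "</td>
					</tr>
				</table>"
			);

			// A group stays expanded when the request carries "<group_id>=expand".
			if (isset($_REQUEST[$group_id]) && $_REQUEST[$group_id] == 'expand') {
				$my_table->enable_hide();
				$child_table->enable_hide();
			} else {
				$my_table->hide();
				$child_table->hide();
			}
				
			$my_table->adopt($child_table);
			$my_table->render();

			print '<br /><br />';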
		}
		else
		{
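			// Edit view of the selected group: opens the update form and builds the
			// summary table with editable name, description and borrowed-items switch.

			// id/auth come from the request and are echoed into hidden fields, so
			// they are HTML-escaped for a quoted attribute. The charset is named
			// explicitly so that only the ASCII markup characters are rewritten.
			$req_id_html = (isset($_REQUEST['id']) && is_string($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id'], ENT_QUOTES, 'ISO-8859-1') : "";
			$req_auth_html = (isset($_REQUEST['auth']) && is_string($_REQUEST['auth'])) ? htmlspecialchars($_REQUEST['auth'], ENT_QUOTES, 'ISO-8859-1') : "";

			print "<form name='update_group' action='group_management.php' method='post'>";
			print "<input type='hidden' name='id' value='".$req_id_html."'>";
			print "<input type='hidden' name='auth' value='".$req_auth_html."'>";
			print "<input type='hidden' name='group_id' value='".$row['group_id']."'>";

			// Only an ADMIN also sees members whose linkage is not marked visible.
			$show_only_visible = "AND linkage.visible=1";
			if(check_priv("ADMIN"))
				$show_only_visible = "";

			$u_res = sql_query(	"SELECT users.user_card_number, users.user_given_names, users.user_surname, users.user_id, linkage.view_borrowed, linkage.group_manager, linkage.visible
									FROM linkage, users
									WHERE users.user_id=linkage.user_id
									AND linkage.group_id=".$row['group_id']."
									".$show_only_visible."
									ORDER BY linkage.visible DESC, linkage.group_manager DESC, users.user_surname ASC");

			// Collect the member rows and, separately, the managers' display names.
			$user_rows = array();
			$group_managers = array();
			while($u_row = mysql_fetch_array($u_res))
			{
				if($u_row['group_manager'] == 1)
					array_push($group_managers, format_user_real_name($u_row));

				array_push($user_rows, $u_row);
			}

			$my_table =& new Table(_("Edit Information"));

			$view_borrowed_checked = ($row['group_view_borrowed'] == 0) ? "" : "checked";

			// The stored name and description are written into single-quoted value
			// attributes, so they are HTML-escaped here; without it an apostrophe
			// in the text ends the attribute early.
			// NOTE(review): if these columns are stored already HTML-escaped, escape
			// in one place only.
			$group_name_html = htmlspecialchars($row['group_name'], ENT_QUOTES, 'ISO-8859-1');
			$group_description_html = htmlspecialchars($row['group_description'], ENT_QUOTES, 'ISO-8859-1');

			$my_table->add_row(_("Name") . ":", "<input type='text' name='group_name' size=30 value='".$group_name_html."'>");
			$my_table->add_row(_("Description") . ":", "<input type='text' name='group_description' size=30 value='".$group_description_html."'>");
			$my_table->add_row(_("Users") . ":", mysql_num_rows($u_res));
			$my_table->add_row(_("Group Managers") . ":", join(", ",$group_managers));
			$my_table->add_row(_("Show Borrowed Items") . ":", "<input type='checkbox' name='group_view_borrowed' ".$view_borrowed_checked.">");
			
			// The "Visible" column is labelled for ADMINs only.
			if(check_priv("ADMIN"))
				$visible_header = "<b>" . _("Visible") . "</b>";
			else
				$visible_header = "&nbsp;";

			$child_table =& new Table(	"<b>" . _("Type") . "</b>",
										"<b>" . _("Username") . "</b>",
										"<b>" . _("Task") . "</b>",
										"<b>" . _("Can See Borrowed") . "</b>",
										$visible_header);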

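			// id/auth come from the request and are written into every icon URL
			// below. urlencode() is the correct encoding for a query value and its
			// output cannot close a quoted attribute or script string.
			$req_id_url = (isset($_REQUEST['id']) && is_string($_REQUEST['id'])) ? urlencode($_REQUEST['id']) : "";
			$req_auth_url = (isset($_REQUEST['auth']) && is_string($_REQUEST['auth'])) ? urlencode($_REQUEST['auth']) : "";

			// One editable row per member. A checkbox is offered only where the
			// viewer may change the flag; otherwise the current value is shown as
			// text. $row is reused here and no longer holds the group record.
			// NOTE(review): these conditions shape the form only. The update
			// handler at the top of the file accepts whatever field names are
			// posted, so the same checks belong there as well.
			foreach ($user_rows as $row)
			{
				$content = array();
				$group_task = "<font class='gray'>" . _("None") . "</font>";
				$view_borrowed = "<font class='red'>" . _("No") . "</font>";
				$visible = "<font class='red'>" . _("No") . "</font>";

				// Privilege level of the listed member, not of the viewer.
				if(check_priv("ADMIN", $row['user_id']))
					$type = "<font class='red'>ADMIN</font>";
				elseif(check_priv("POWER", $row['user_id']))
					$type = "<font class='green'>POWER</font>";
				else
					$type = "NORMAL";

				if($row['user_id'] != USER_ID && my_subordinate($row['user_id']) && can_be_group_manager($row['user_id']))
				{
					$checked = ($row['group_manager'] == 1) ? "checked" : "";
					$group_task = _("Group Manager") . ":&nbsp;<input type='checkbox' name='group_manager_".$row['user_id']."' ".$checked.">";
				}
				elseif($row['group_manager'] == 1)
					$group_task = "<font class='green'>" . _("Group Manager") . "</font>";

				if($row['user_id'] != USER_ID && my_subordinate($row['user_id']) && check_priv("BORROWED_BOOKS", $row['user_id']) && view_borrowed_allowed($group_id))
				{
					$checked = ($row['view_borrowed'] == 1) ? "checked" : "";
					$view_borrowed = "<input type='checkbox' name='view_borrowed_".$row['user_id']."' ".$checked.">";
				}
				elseif($row['view_borrowed'] == 1)
					$view_borrowed = "<font class='green'>" . _("Yes") . "</font>";

				if(check_priv("ADMIN"))
				{
					if(my_subordinate($row['user_id']))
					{
						$checked = ($row['visible'] == 1) ? "checked" : "";
						$visible = "<input type='checkbox' name='visible_".$row['user_id']."' ".$checked.">";
					}
					elseif($row['visible'] == 1)
						$visible = "<font class='green'>" . _("Yes") . "</font>";
				}
				else
					$visible = "&nbsp;";

				// Print a hidden field for this user, so that editing of this user is allowed.
				// It is printed for every listed member, including those for whom no
				// checkbox was offered above.
				print "<input type='hidden' name='user_id_".$row['user_id']."' value='".$row['user_id']."'>";

				$my_row =& $child_table->add_row($type, format_user_real_name($row), $group_task, $view_borrowed, $visible);

				if($row['user_id'] != USER_ID && my_subordinate($row['user_id']))
				{
					$my_row->add_icon('icon_edit.png', "management.php?id=" . $req_id_url . "&auth=" . $req_auth_url . "&user_id=" . $row['user_id']);
					// NOTE(review): the member's display name is placed inside a quoted
					// JavaScript string. What format_user_real_name() and add_icon()
					// escape is not visible in this file; confirm that a quote in a
					// stored name cannot end the string.
					$my_row->add_icon('icon_delete.png', 'javascript:detach_user(' . $row['user_id'] . ', ' . $group_id . ', \'' . format_user_real_name($row) . '\')');
				}

				if(can_view_borrowed($row['user_id']) && $row['user_id'] != USER_ID)
				{
					$url = "view_borrowed_books.php?id=".$req_id_url."&auth=".$req_auth_url."&user_card_number=".$row['user_card_number']."&stage=2";
			
					// A red icon marks members with expired loans.
					if(!has_expired_books($row['user_id'])) {
						$my_row->add_icon('icon_view_borrowed.png', $url);
					} else {
						$my_icon =& $my_row->add_icon('icon_view_borrowed_red.png', $url);
						$my_icon->set_column('icon_view_borrowed.png');
					}
				}

				if(my_subordinate($row['user_id']) && $row['user_id'] != USER_ID)
				{
					$my_row->add_icon('icon_user_move.png', "user_move.php?id=".$req_id_url."&auth=".$req_auth_url."&stage=2&user_id=".$row['user_card_number']);
				}
			}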

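			// Attachable users drop-down
			// The form posts back to the current request URI. REQUEST_URI is
			// supplied by the client, so it is HTML-escaped before it is written
			// into the quoted action attribute; the browser decodes the entities
			// back to the same URL. The charset is named explicitly so that only
			// the ASCII markup characters are rewritten.
			$attach_action_html = htmlspecialchars((string) getenv('REQUEST_URI'), ENT_QUOTES, 'ISO-8859-1');

			$attachable_users = 	"<form name='attach_id$count' action='".$attach_action_html."' method='post'>
										<input type='hidden' name='group_id' value='".$group_id."'>
										<select name='attach_id'><option>- " . _("Select User") . " -</option>";

				foreach(attachable_users($group_id) as $user) {
					// Stored names are written as option text, so they are HTML-escaped.
					$attachable_users .= 	"<option value='".$user['user_id']."'>".htmlspecialchars($user['user_surname'], ENT_QUOTES, 'ISO-8859-1').", ".htmlspecialchars($user['user_given_names'], ENT_QUOTES, 'ISO-8859-1')."</option>";
				}

				$attachable_users .= 	"</select>
										&nbsp;
										<input type='submit' class='button' name='attach' value='" . _("Attach") . "'>
									</form>";

			// id/auth come from the request and go into the Cancel button's URL.
			// urlencode() output cannot close the quoted attribute or the JS string.
			$req_id_url = (isset($_REQUEST['id']) && is_string($_REQUEST['id'])) ? urlencode($_REQUEST['id']) : "";
			$req_auth_url = (isset($_REQUEST['auth']) && is_string($_REQUEST['auth'])) ? urlencode($_REQUEST['auth']) : "";

			// The footer first closes the update_group form opened above, then
			// places the separate attach form next to the Cancel/Update buttons.
			$my_table->set_footer(
				"<input type='hidden' name='update' value='update' />
				</form>
				<table border='0' width='100%'>
				<tr><td align='left'>" .
				$attachable_users .
				"</td><td align='right'>
				<input type='button' class='button' name='cancel' value='" . _("Cancel") . "' onClick='window.location=\"group_management.php?id=" . $req_id_url . "&auth=" . $req_auth_url . "\";'>
				&nbsp;&nbsp;
				<input type='button' class='button' name='update' value='" . _("Update") . "' onClick='document.update_group.submit();'>
				</td></tr>
				</table>"
			);

			$my_table->enable_hide();
			$child_table->enable_hide();

			$my_table->adopt($child_table);
			$my_table->render();

			print "<br /><br />";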
		}
	}
}

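// Create list of all users of the system if user is ADMIN.
// Allows the ADMIN to remove users from the system!
// Without "all" in the request only a link to the list is shown; with it, the
// users at the ADMIN's own location are listed.
if(check_priv("ADMIN") && !isset($_REQUEST['all']))
{
	// id/auth come from the request; urlencode() is the correct encoding for a
	// query value and its output cannot close the quoted href.
	$req_id_url = (isset($_REQUEST['id']) && is_string($_REQUEST['id'])) ? urlencode($_REQUEST['id']) : "";
	$req_auth_url = (isset($_REQUEST['auth']) && is_string($_REQUEST['auth'])) ? urlencode($_REQUEST['auth']) : "";

	print '<a href="group_management.php?id=' . $req_id_url . '&auth=' . $req_auth_url . '&all">';
	layout_page_info(_("All Users") . '&nbsp;&gt;&gt;');
	print '</a>';
}
elseif(check_priv("ADMIN") && isset($_REQUEST['all']))
{
	$req_id_url = (isset($_REQUEST['id']) && is_string($_REQUEST['id'])) ? urlencode($_REQUEST['id']) : "";
	$req_auth_url = (isset($_REQUEST['auth']) && is_string($_REQUEST['auth'])) ? urlencode($_REQUEST['auth']) : "";

 	$res = sql_query("SELECT * FROM users WHERE user_location=".USER_LOCATION." ORDER BY user_surname");

	layout_page_info(_("All Users"));

	$my_table =& new Table(_("Card Number"), _("Name"), _("e-mail"));

	while($row = mysql_fetch_array($res))
	{
		// NOTE(review): names and e-mail addresses are handed to Table as stored;
		// whether Table escapes cell text is not visible in this file.
		$my_row =& $my_table->add_row(format_card_number($row['user_card_number']), $row['user_surname'].", ".$row['user_given_names'], $row['user_email']);

		if($row['user_id'] != USER_ID && my_subordinate($row['user_id']))
		{
			$my_row->add_icon('icon_edit.png', "management.php?id=" . $req_id_url . "&auth=" . $req_auth_url . "&user_id=" . $row['user_id']);
			// Delete only allowed if user has no checked out items.
			// The delete handler at the top of the file repeats this check, so
			// hiding the icon is a convenience, not the control.
			$ids = borrowed_books_of_user($row['user_id']);
			if(empty($ids)) {
				// NOTE(review): the display name is placed inside a quoted JavaScript
				// string; confirm that format_user_real_name() or add_icon() escapes
				// quote characters.
				$my_row->add_icon('icon_delete.png', 'javascript:del_user(' . $row['user_id'] . ', \'' . format_user_real_name($row) . '\')');
			}
		}

		if(can_view_borrowed($row['user_id']) && $row['user_id'] != USER_ID)
		{
			$url = "view_borrowed_books.php?id=".$req_id_url."&auth=".$req_auth_url."&user_card_number=".$row['user_card_number']."&stage=2";
			
			// A red icon marks users with expired loans.
			if(!has_expired_books($row['user_id'])) {
				$my_row->add_icon('icon_view_borrowed.png', $url);
			} else {
				$my_icon =& $my_row->add_icon('icon_view_borrowed_red.png', $url);
				$my_icon->set_column('icon_view_borrowed.png');
			}
		}
	}

	$my_table->render();
}

layout_footer();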
?>